cve/2024/CVE-2024-29216.md

### [CVE-2024-29216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29216)
![](https://img.shields.io/static/v1?label=Product&message=cg6kwin2k.sys&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20prior%20to%202.1.7.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposed%20IOCTL%20with%20Insufficient%20Access%20Control&color=brighgreen)

### Description

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

### POC

#### Reference
- https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download
- https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds